Ser Empresario Magazine in audio

CARLOS MONTOYA

Season 310 Episode 11

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 5:30
SPEAKER_00

Would you entrust your information to an unsupervised artificial intelligence? By Carlos Montoya. Every week, new companies emerge claiming to use artificial intelligence to generate reports, analyze information, automate processes, or support decision-making. AI has become the new hallmark of business modernity. Today, virtually every organization boasts of using artificial intelligence, and some even claim to develop their own solutions. However, there is one question that very few customers are asking, who can prove that they use artificial intelligence responsibly? Because the real risk is no longer that a company doesn't use artificial intelligence. The risk is hiring an organization that uses it without controls, without oversight, and without clear rules. Imagine you share your company's strategic information with a provider that claims to use AI for specialized analysis. How can you be sure your data won't end up being used to train external models? How can you be sure the information wasn't uploaded to public platforms without authorization? How can you be sure the report you receive was reviewed by a human expert and not simply generated through automated copy-pasting? Most organizations simply cannot answer these questions. Precisely because of this concern, in 2023 the International Organization for Standardization, ISO, published ISO 42001, the first international standard for artificial intelligence management systems. Its goal is not to assess how advanced an artificial intelligence is. Its purpose is much more important. To ensure that organizations have mechanisms in place to govern the use of AI in an ethical, responsible, transparent, and secure manner. The creation of this standard did not happen by chance. As artificial intelligence began to be massively incorporated into business processes, incidents also began to emerge that demonstrated the risks of uncontrolled adoption. One of the most well-known cases involved the global consulting firm Deloitte, when a report submitted to the Australian government was challenged for containing inaccurate information and problematic references stemming from the use of artificial intelligence tools. The incident generated public criticism and highlighted a growing problem. Even organizations with vast resources, international recognition, and access to specialists can face consequences when robust mechanisms for validating AI-generated results are lacking. The lesson is clear. These risks are not exclusive to small businesses or startups just beginning to experiment with technology. They also affect global corporations, governments, and organizations that handle critical information. For this same reason, Europe decided to go even further through the EU AI Act, a regulation that establishes specific requirements for the development and use of artificial intelligence systems according to the level of risk they represent. The global trend is clear. The conversation is no longer about who uses artificial intelligence, but about who can demonstrate that they use it safely. And here lies a great opportunity for Mexico, and particularly for the northern border region. It is often said that other regions are years ahead in the development of artificial intelligence. However, that also means they have already gone through a learning curve that we can avoid. We may not have been the first to develop these technologies, but we can become leaders in something equally important the governance of artificial intelligence. For decades, global supply chains have learned to demand certifications to guarantee quality, safety, and reliability. Today, it's unthinkable for a large manufacturing company to contract certain services without verifying certifications, such as ISO 9001. The question is, why do we continue to hire suppliers who handle sensitive information using artificial intelligence without demanding evidence of equivalent controls? If a company will have access to confidential information, strategic data, intellectual property, internal processes, or business decisions using artificial intelligence, the absence of formal controls should raise legitimate concerns. Purchasing, compliance, audit, and risk management departments should start asking their suppliers new questions. What AI tools do they use? How do they protect the information they receive? Who validates the generated results? What mechanisms exist to prevent errors, biases, or data leaks? The ISO 42001 certification represents precisely that evidence. An organization certified under this standard must demonstrate that it has policies, processes, controls, risk assessments, human oversight, information protection, and continuous improvement mechanisms related to the use of artificial intelligence. In other words, it is not enough to simply claim to use AI. It must demonstrate that it knows how to govern it. Just as for years companies demanded ISO 9001 to guarantee quality, or ISO 14001 to demonstrate adequate environmental management, we will soon begin to demand ISO 42001 to guarantee the responsible use of artificial intelligence. Because the next time a vendor boasts that they use AI, perhaps the question. More importantly, it's not what platform you use. The real question will be can they demonstrate that they govern it properly? In a market where everyone claims to use artificial intelligence, trust will no longer be generated by whoever has access to the technology. It will be generated by whoever can demonstrate that they know how to use it responsibly.